如何从 Java 在 AWS 中生成签名

当我从 REST 客户端调用 API 端点时，我因与签名有关而出错。

要求：

主机： https ://xxx.execute-api.ap-southeast-1.amazonaws.com/latest/api/name

授权：AWS4-HMAC-SHA256 Credential= {AWSKEY} /20160314/ap-southeast-1/execute-api/aws4_request,SignedHeaders=host;range;x-amz-date,Signature= {signature}

X-Amz-日期：20160314T102915Z

回复：

 {
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. The Canonical String for this request should have been 'xxx' "
}

在 Java 代码中，我遵循了 AWS 对如何生成签名的参考。

     String secretKey = "{mysecretkey}";
    String dateStamp = "20160314";
    String regionName = "ap-southeast-1";
    String serviceName = "execute-api";

    byte[] signature = getSignatureKey(secretKey, dateStamp, regionName, serviceName);
    System.out.println("Signature : " + Hex.encodeHexString(signature));

    static byte[] HmacSHA256(String data, byte[] key) throws Exception  {
         String algorithm="HmacSHA256";
         Mac mac = Mac.getInstance(algorithm);
         mac.init(new SecretKeySpec(key, algorithm));
         return mac.doFinal(data.getBytes("UTF8"));
    }

    static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception  {
         byte[] kSecret = ("AWS4" + key).getBytes("UTF8");
         byte[] kDate    = HmacSHA256(dateStamp, kSecret);
         byte[] kRegion  = HmacSHA256(regionName, kDate);
         byte[] kService = HmacSHA256(serviceName, kRegion);
         byte[] kSigning = HmacSHA256("aws4_request", kService);
         return kSigning;
    }

我可以知道我在生成签名时出了什么问题吗？

参考如何生成签名： http ://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-java

原文由 Tun Lin Aung 发布，翻译遵循 CC BY-SA 4.0 许可协议